From ddb5c8a133baeec4f10381d0325ce19da58835a9 Mon Sep 17 00:00:00 2001 From: "molecule-ai[bot]" <276602405+molecule-ai[bot]@users.noreply.github.com> Date: Tue, 21 Apr 2026 08:02:36 +0000 Subject: [PATCH] docs: add docs/research/cognee-isolation-eval.md --- .../docs/research/cognee-isolation-eval.md | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 content/docs/research/cognee-isolation-eval.md diff --git a/content/docs/research/cognee-isolation-eval.md b/content/docs/research/cognee-isolation-eval.md new file mode 100644 index 0000000..c2b373c --- /dev/null +++ b/content/docs/research/cognee-isolation-eval.md 
@@ -0,0 +1,37 @@ +# Cognee Workspace Isolation Evaluation + +**Date:** 2026-04-20 +**Issue:** Molecule-AI/molecule-core#1146 +**Status:** Preliminary — needs deeper architecture review + +## Summary + +Cognee (Apache-2.0, by Topoteretes UG) is an open-source AI memory engine with a shipped MCP component. It has direct overlap with Molecule AI's Phase 9 hierarchical memory architecture. + +## Workspace Isolation Assessment + +**Signal: Partial/Positive** + +Cognee's GitHub README explicitly lists "agentic user/tenant isolation, traceability, OTEL collector, audit traits" as a core architectural feature. + +This is a positive signal. However: +- The README mention does not specify the technical mechanism (namespace-level separation? separate vector DB instances per tenant? row-level security in a shared DB?) +- The cognee-mcp MCP component's handling of multi-workspace contexts is not documented in the surface-level readme + +**Verdict:** Cognee claims tenant isolation. Further due diligence required before treating this as confirmed. + +## Next Steps + +1. **Deep-dive into cognee architecture docs** — check if isolation is enforced at the storage layer (separate DB/collection per workspace), application layer (row-level), or both +2. **Test cognee-mcp with a multi-workspace scenario** — the MCP tool interface should reveal whether workspace_id is a first-class parameter +3. **Check cognee's GitHub issues/discussions** — any community reports of cross-tenant data leakage? +4. **Evaluate migration path** — if Cognee is adopted, what's involved in migrating existing Phase 9 work? + +## Recommendation + +Proceed with Phase 9 build-vs-buy review. Cognee is a credible candidate — isolation is claimed but mechanism needs verification. The Phase 9 halt stands until this is resolved. + +## Sources + +- https://github.com/topoteretes/cognee (README, 2026-04-20) +- /workspace/repo/research/cognee-memo.md
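Review bot: In "Next Steps" item 2, the test is framed as checking "whether workspace_id is a first-class parameter", but a parameter exposed in the MCP tool interface only shows that a workspace can be named, not that isolation is enforced. Suggest stating a pass/fail criterion in this item: data written under one workspace must not be retrievable from a second workspace. The item should also record whether the workspace identifier is supplied by the caller or bound to the caller's credentials, since a caller-supplied identifier with no authorization check would not count as isolation. Two smaller points in the same hunk. First, "**Signal: Partial/Positive**" sits above a verdict that says the claim is unconfirmed and rests on a single README sentence, so a label such as "Claimed, unverified" would match the evidence better and is less likely to be read as an approval. Second, the "Sources" entry `/workspace/repo/research/cognee-memo.md` is an absolute local workspace path that readers of the published doc cannot resolve. Replace it with a repo-relative link, or drop it if the memo is not committed. The README source is dated but not pinned to a commit, so consider adding the commit it was read at so the quoted feature list can be re-checked later.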